Software piracy has been and will always be a major enemy in the software industry. Billions of dollars in revenue are lost each year due to unauthorized copying and distribution of pirated software (see May 20, 1996 of the Wall Street Journal). Due to the lack of effective methods in the losing battle against software piracy, the software industry can only hope that for every ten copies of software distributed only one copy is purchased legitimately. This lost revenue to the software industry is reflected by the higher prices of software in the market; both legitimate software buyers and companies that sell the software are the victims.
The various methods that software companies currently use to protect their products from unauthorized copying work to some extent in preventing individual users from making a small number of copies for friends/relative etc. Nevertheless, these methods have been largely ineffective against the large organized piracies in Europe and Asia. It has been argued, and to some degree legitimately, that the former type of software copying--individual consumers giving friends and relatives copies--is actually a healthy contribution to the software industry as this amounts to a free form of advertising. Particularly with the now-standard so-called "guilt banners" that loudly proclaim the original buyer's name, it is believed that sooner or later these friends/relatives will value the product enough to buy their own original copies. However, this perceived boon is not at all true of the completely destructive effects of the latter type of large scale organized piracy.
As well known in the state of the art some of these partly effective existing methods include (a) locking out simple copying commands from most operating systems to prevent direct copying of the disk containing the software (which can be readily bypassed with more sophisticated copying software); (b) software only offered on a CD-ROM which can then periodically check for the presence of the original purchased CD during the running of the program (however, with the availability of low-cost recordable CD-ROM drives, this no longer suffices); and (c) a password system which requires the user to type a password that is provided in the original users' manual in the form of a serial number or key word during the running of the program or the initial installation of the program (however, such passwords can be readily copied and distributed along with the pirated software themselves; they can also be forgotten).
Given the difficulties of these marginally effective methods, a preferred approach would be for the authorized user to give or be given a "key", which cannot be duplicated, to each copy of the software such that the software will only run or be installed when the correct "key" is present. This method requires that the "key" cannot be duplicated and distributed. Advanced methods along these lines have been recently described; see for example, U.S. Pat. No. 5,337,357 (Chou et al.) and U.S. Pat. No. 5,260,999 (Wyman), both of which are incorporated herein by reference for all purposes. In particular, the method for protecting distributed software by Chou et al. relies on a unique factor such as an accessible serial number or the generation of a profile of the computer of the user which is entered individually and/or with a random factor to generate a unique first key which will differ for different computers. The first key is sent to a processing center which then generates a second key. The user applies the second key which compares the unique and/or random factors. If the comparison matches, the first and second keys are used in an algorithm in the software to generate a decrypting key permitting the customer to purchase the selected program(s).
While this technique provides some improvement over traditional piracy avoidance techniques, it suffers from certain difficulties. For example, a user cannot easily move his/her copy of the software from one machine to another or install the software on multiple machines in his/her possession. As is understood in the art, such usage is often legitimate.
What is needed therefore is an improved method for authenticating operation of software that does not rely on the profile of a particular machine.